Give option to use the Droplet's own bootloader!

At present it appears (at least for Ubuntu) that the KVM instance for each Droplet is invoked with a kernel & initrd that are external to the Droplet's storage. This means that security updates/upgrades to the kernel from within the Droplet (e.g. *distribution security updates*) are ignored and the Droplet continues to boot with the kernel & initrd from when the Digital Ocean image was created.

1,240 votes
Chris Wilson shared this idea

  • Andrew Rembrandt shared a merged idea: Specify custom kernel parameters from control panel
  • Bilal shared a merged idea: Members should use own Kernels
  • Anonymous shared a merged idea: dear sir I'm working on my Cloudlinux on digitalocean.com i want you to forward this problem to your senior management staffs or CEO to re
  • R shared a merged idea: Centos 6.5 upstream kernel: kernel-2.6.32-431.3.1.el6
  • Anonymous shared a merged idea: Archlinux kernel selection
  • Anonymous shared a merged idea: New Kernels
  • Amko shared a merged idea: Add Centos 5.10 Kernel 2.6.18-371.1.2.el5.go please.
  • Joe LeBlanc shared a merged idea: Allow Custom Kernels - would like to have kernels with grsecurity support
  • Anonymous shared a merged idea: Add CentOS kernel vmlinuz-2.6.32-358.23.2.el6.x86_64
  • Sean shared a merged idea: Debian Linux Kernel 3.10-3
  • Lena shared a merged idea: Kernel update for Ubuntu 12.04 LTS
  • Matt Thomas shared a merged idea: Add 3.2.0-52-generic kernel support
  • Anonymous shared a merged idea: Add another kernel in the list: kernel 2.6.18
  • John Doe shared a merged idea: Add latest kernels for Ubuntu 13.04
  • Tobias Schwab shared a merged idea: Improve Kernel Management
  • Jonathan Tittle shared a merged idea: Allow Custom Kernels
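
Added example, not part of the original post or of DigitalOcean's tooling: a check for the condition the idea describes, where the kernel the instance actually booted differs from the newest kernel the package manager has installed. It assumes Debian/Ubuntu-style image names (`/boot/vmlinuz-<version>`) and GNU `sort -V`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare the running kernel with the kernels installed in /boot.
# Assumes images are named vmlinuz-<version> and that sort supports -V (GNU).

# newest_installed_kernel DIR
# Prints the highest version among DIR/vmlinuz-* (nothing if none exist).
newest_installed_kernel() {
    boot_dir=$1
    for img in "$boot_dir"/vmlinuz-*; do
        [ -e "$img" ] || continue          # unmatched glob: skip the literal
        basename "$img" | sed 's/^vmlinuz-//'
    done | sort -V | tail -n 1
}

# kernel_status RUNNING_VERSION DIR
# Prints one of:
#   current          running kernel is the newest installed one
#   stale <version>  a newer kernel is installed but was not booted
#   ahead            running kernel is newer than anything in DIR
#                    (booted from an image outside the instance's storage)
#   unknown          no kernel images found in DIR
kernel_status() {
    running=$1
    newest=$(newest_installed_kernel "$2")
    if [ -z "$newest" ]; then
        echo "unknown"
    elif [ "$running" = "$newest" ]; then
        echo "current"
    else
        highest=$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)
        if [ "$highest" = "$newest" ]; then
            echo "stale $newest"
        else
            echo "ahead"
        fi
    fi
}

# Report for the machine this script runs on.
kernel_status "$(uname -r)" /boot
```

A `stale` result that persists across reboots means the installed security update is not the kernel being executed, which is the situation the post reports.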

    112 comments

      • Stef commented

        Really disappointing… :(

      • mc0e commented

        Seriously? 3 years? I've recently put a few of a client's servers on DO. No more.

      • Sean commented

        No, on Fedora 21 you can delete the local kernel/initrd and it still boots...

      • md_5 commented

        CoreOS, FreeBSD and Fedora 21 all use their own bootloaders.... now for this to just become standard. I'll never understand why it was done this way in the first place.

      • Anonymous commented

        When I joined DO, I didn't realize that this was a limitation. Luckily, I only joined recently and haven't fully committed to DO just yet. If this doesn't get implemented soon, I'm afraid I may be forced to go elsewhere. That would be a shame because I've so far been very happy about everything else at DO.

      • Sean commented

        I've finally left for another provider because of this issue. Digital Ocean was stuck on kernel 3.2.60-1+deb7u1 for over two months after Debian released newer versions with SECURITY UPDATES. They only added the new version after I noticed this and opened a support ticket. They didn't even know there were missing updates at the time.

        They are acting very irresponsibly by taking kernel patching upon themselves and then not doing their job. It concerns me that this is probably not the only thing they have neglected -- just the easiest one to see.

      • Gerald commented

        How many more votes does Digital Ocean need to implement this?

      • Monkey Bonkey commented

        I have never had an Arch kernel break on me. The situation here is much worse since we can't patch stuff even when we want to...

      • Luka commented

        ETA on this is NEVER.... Same as for more space per droplet...

      • Justin Jett commented

        1000 votes. What is the ETA for this?

      • d3zorg commented

        much need. do it please :)

      • Max commented

        How has this not been implemented yet? Once again, there are kernel updates that I can't apply because of the DO bootloader.

      • Sean commented

        I just figured I'd mention, because of this problem, there is RIGHT NOW a security update that has been released for Debian that is impossible to install on a DO droplet without kexec trickery. When are you going to fix this???

      • Bas commented

        We need this...

      • Martin Pescatore commented

        DigitalOcean keep us updated on this please! Transparency is important!

      • Sean commented

        The amount of time this issue has existed demonstrates that security is far from the top priority at DigitalOcean.

      • Anonymous commented

        Please you must finish this improvement.